diff --git a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/HashValue.php b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/HashValue.php
index 8a392eecc4e..bda5b5e0217 100644
--- a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/HashValue.php
+++ b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/HashValue.php
@@ -27,6 +27,12 @@ final class HashValue implements \Stringable, SourceValueInterface
 {
 public readonly string $value;
+ public static function hash(string $payload, HashType $type = HashType::sha256): self
+ {
+ $value = hash($type->value, $payload, true);
+ return self::create($value, $type);
+ }
+
 public static function create(string $value, HashType $type = HashType::sha256): self
 {
 return new self($value, $type);
diff --git a/typo3/sysext/core/Tests/Functional/Security/ContentSecurityPolicy/PolicyTest.php b/typo3/sysext/core/Tests/Functional/Security/ContentSecurityPolicy/PolicyTest.php
index 09bc69d6be7..f702ef14b45 100644
--- a/typo3/sysext/core/Tests/Functional/Security/ContentSecurityPolicy/PolicyTest.php
+++ b/typo3/sysext/core/Tests/Functional/Security/ContentSecurityPolicy/PolicyTest.php
@@ -59,12 +59,18 @@ public function hashProxyIsCompiled(): void
 }
 #[Test]
- public function hashValueIsCompiled(): void
+ public function hashValueIsCompiledUsingHashFactory(): void
+ {
+ $policy = (new Policy())->extend(Directive::ScriptSrc, HashValue::hash('test'));
+ self::assertSame("script-src 'sha256-n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg='", $policy->compile($this->nonce));
+ }
+
+ #[Test]
+ public function hashValueIsCompiledUsingCreateFactory(): void
 {
 $hash = hash('sha256', 'test', true);
- $hashB64 = base64_encode($hash);
 $policy = (new Policy())->extend(Directive::ScriptSrc, HashValue::create($hash));
- self::assertSame("script-src 'sha256-$hashB64'", $policy->compile($this->nonce));
+ self::assertSame("script-src 'sha256-n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg='", $policy->compile($this->nonce));
 }
 #[Test]
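Review bot: The new `hash()` factory has no docblock, and its string parameter is easy to confuse with the one on `create()` directly below it: `hash()` takes the content to be hashed, while `create()` is handed the raw binary digest (the updated test passes it `hash('sha256', 'test', true)`). I would add a comment above `hash()` such as `/** Hashes $payload (the exact bytes of the inline script or style content) with $type; pass only trusted, static content, because the resulting source allows whatever matches it. */`. The same comment could note that `$type->value` is passed to PHP's `hash()` as the algorithm name, which presumes every `HashType` case is backed by a valid algorithm identifier; the enum is not visible in this hunk. The class body continues outside the hunk.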
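Review bot: Both tests use only the default `HashType::sha256`, so the `$type` argument of `HashValue::hash()` is never checked against the algorithm prefix in the compiled `script-src` value. A further case that passes a non-default `HashType` and asserts the matching prefix together with a fixed digest would catch a mismatch between the label and the algorithm actually used for the digest. The test class starts and ends outside the hunk, so such a case may already exist elsewhere in `PolicyTest`.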